WordPress 2.8.4 Security Release available

In reponse to a security threat that allowed potential attackers to bypass a security check to verify a user requested a password reset, the WordPress team has announced a new release.

WordPress 2.8.4 is a security update to address this threat and keep the popular open source blog software free of security risks.

From the release:

“Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

Primary Sidebar

Hi, I'm Mike…

I'm a tech geek that began CMS Critic in 2008 to help focus on the Content Management Industry. Since that time, the industry has changed and this site has changed with it. Here you'll find my personal musings, rants and raves, reviews and more on all sorts of topics.